Kirsten Doyle

The healthcare industry’s digital expansion may be exposing more than it protects. How would you feel if strangers online saw your MRI scan and knew your diagnosis, maybe even before you did? That’s not a hypothetical, it’s already happening. New research from Modat shows that more than 1.2 million internet-connected healthcare devices and systems are publicly accessible online, leaking private patient data (from brain scans to blood tests) through basic security lapses.  Many of these devices are misconfigured, poorly secured, or running on outdated software. Some don’t require authentication at all. Others are protected by default or weak passwords like…

Pandora, the world’s largest jewelry brand by revenue, has confirmed it was the target of a cyberattack that exposed customer data. The Danish company, known for its charm bracelets and global retail presence, said the breach occurred via a third-party platform it uses for customer services. The incident, first reported by Forbes, adds Pandora to an increasingly long list of luxury and high-street retailers affected by cybersecurity breaches in recent months. In a service email titled “This is an important service email from Pandora regarding a personal data breach,” customers were informed that basic personal details (names and email addresses)…

WhatsApp has removed nearly seven million accounts tied to global scams in just six months, the BBC reports.  According to parent company Meta, many of these accounts were traced back to scam centres in South East Asia, some operated by criminal networks using forced labour. The revelation comes alongside WhatsApp’s rollout of new anti-scam tools, including a warning system for users added to group chats by people outside their contacts.  Meta says its systems detected and disabled millions of accounts before scammers could make them operational. The tactic is part of a larger and more troubling pattern: bad actors pose…

Chanel has confirmed a data breach that affected its U.S. client care database. The news first came from WWD on Friday. The incident happened on July 25 and involved unauthorized access to a database managed by a third-party provider.  A company spokeswoman confirmed the incident, saying: “The investigation indicates that there was unauthorized access to this database. There was no malware deployed to our systems, and our operations remain unaffected.”  She added that Chanel immediately activated their incident response protocols and brought cybersecurity experts on board to aid their investigation.  The information exposed was limited. Names, emails, mailing addresses, and…

In August, cybersecurity firm CTM360 uncovered a large-scale scam targeting TikTok Shop users. Called “FraudOnTok,” this campaign combines phishing with malware. It uses a complex web of fake sites and apps to trick victims into handing over their credentials, and their money. The bad actors set up more than 15,000 lookalike domains. They mimic TikTok Shop, TikTok Wholesale, and TikTok Mall, using cheap domain extensions like .top, .shop, and .icu. These sites fool users into believing they’re on the official platform. Once there, victims are hit with phishing pages that steal login info, and are prompted to download trojanized apps…

By 2024, AI had done more than disrupt industries. It had quietly supercharged one: data brokerage. Few consumers ever meet a data broker and even fewer understand what they do. But their work touches nearly every person with a smartphone, a loyalty card, or an internet connection.  The Invisible Harvest Data brokers operate in silence. They gather, compile, and sort.  According to vpnMentor: “They often do this indirectly and without explicit consent, instead maximizing public records, traceable online activity, or other openly accessible channels.  Names, phone numbers, IP addresses. Birthdays, income brackets, voter registrations, browsing habits, shopping carts, and app…

New research from browser security firm Menlo Security reveals an alarming rise in unsanctioned generative AI (GenAI) use across enterprises, with growing concerns over data leakage, phishing, and regulatory compliance. According to The 2025 Report: How AI is Shaping the Modern Workspace, web traffic to GenAI sites spiked by 50% in under a year, culminating in 10.53 billion visits in January 2025 alone. At the heart of the findings is a sharp increase in what Menlo terms Shadow AI, or the use of unsanctioned GenAI tools by employees, often without their organization’s knowledge or oversight. AI Adoption Accelerates, Security Gaps…

A new name surfaced in Microsoft’s analysis of the ToolShell exploitation campaign earlier this year. Storm-2603. There was no history or track record. Just a cluster of activity, loosely linked to ransomware. Now, Check Point Research has filled in some of the blanks. Storm-2603, it turns out, was not born with ToolShell. It had been busy long before, targeting entities in Latin America and APAC. Its methods are like the hybrid DNA of advanced persistent threats and criminal ransomware crews. It moves with precision, using open-source tools and custom malware. It doesn’t bluff.  An Unknown Name, Familiar Footsteps ToolShell is…

The UK has seen a steep rise in VPN usage following the enforcement of the Online Safety Act.   On 25 July, Ofcom began implementing new age-verification rules designed to keep children away from adult content. In response, many users started using VPNs. Traffic spiked. So did downloads.  Researchers at vpnMentor tracked a whopping 6,430% increase in VPN demand in the hours after the law came into effect. “It remained as such for almost two hours before it started dropping at the end of the day, but with spikes of 900% up to 4000% the following days,” researchers said.  Several VPN…

Ransomware groups are ramping up pressure on the public sector. In the first half of 2025, 208 attacks were recorded against government entities worldwide. That’s a 65% increase over the same period in 2024, and a 25 percent rise from the second half of last year. These were some of the findings from Comparitech’s Map of worldwide ransomware attacks that is updated daily. Half of the incidents were confirmed by the targeted agencies. The rest remain unresolved or unacknowledged. This level of transparency is rare outside the public sector. In education, only 31% of incidents were confirmed. Healthcare: 32%. In…